From owner-freebsd-security@FreeBSD.ORG Thu Sep 18 10:19:30 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C89D316A4B3 for ; Thu, 18 Sep 2003 10:19:30 -0700 (PDT) Received: from pd4mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8FA7D43FD7 for ; Thu, 18 Sep 2003 10:19:29 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from pd2mr1so.prod.shaw.ca (pd2mr1so-ser.prod.shaw.ca [10.0.141.110])2003))freebsd-security@freebsd.org; Thu, 18 Sep 2003 11:19:29 -0600 (MDT) Received: from pn2ml9so.prod.shaw.ca (pn2ml9so-qfe0.prod.shaw.ca [10.0.121.7]) 2003))freebsd-security@freebsd.org; Thu, 18 Sep 2003 11:19:29 -0600 (MDT) Received: from piii600.wadham.ox.ac.uk (h24-87-233-42.vc.shawcable.net [24.87.233.42])2003)) freebsd-security@freebsd.org; Thu, 18 Sep 2003 11:19:29 -0600 (MDT) Date: Thu, 18 Sep 2003 10:19:26 -0700 From: Colin Percival In-reply-to: <200309181631.09442.mkenyeres@konvergencia.hu> X-Sender: cperciva@popserver.sfu.ca To: Marton Kenyeres , berta Message-id: <5.0.2.1.1.20030918093454.02e15058@popserver.sfu.ca> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <009101c37dda$b7d97450$05e3a8c0@nt> <009101c37dda$b7d97450$05e3a8c0@nt> cc: freebsd-security@freebsd.org Subject: FreeBSD Update (was: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Sep 2003 17:19:30 -0000 At 16:31 18/09/2003 +0200, Marton Kenyeres wrote: >If you track RELENG_4_8 or RELENG_4_7 the security/freebsd-update port may be >an option. Note that AFAIK you can only use this, if you did a binary install >of the system and did NOT recompile it since. Another few notes to add: 1. "Binary install" means "binary install of the officially published FTP or ISO image" -- if you ran `make release` on your own, FreeBSD Update won't work. 2. There is a delay between updated source code becoming available and binary updates being online. Anyone who tried to update a 4.8-RELEASE system before about 11AM 18/9/03 GMT, or a 4.7-RELEASE system before about 4AM GMT, will not have the latest patches (in fact, they'll have the first version of the ssh fixes). If this applies to you, run FreeBSD Update again. 3. FreeBSD Update is designed to be run from cron. This is perfectly safe, since it only fetches updates and sends an email to root, and it uses minimal bandwidth. I highly recommend that people do this (but if your clock is set to GMT, please pick a time other than 3AM). Colin Percival